Privacy Policy
We have taken the time to respond to your most frequently asked questions to help make your experience with Rivers even easier
- Who we are.
- How to contact Rivers Finance Group about your Personal Data?
- Scope of this Privacy Policy and changes.
- What are your rights?
- Withdrawing consent.
- Personal Data we collect about you.
- Sources of Personal Data.
- How we use your Personal Data.
- Storage of your Personal Data.
- Disclosure of your Personal Data.
- Change of Purpose.
- Contact.
- Complaints.
1. Who we are
1.1 Rivers Finance Group operate under a number group companies of trading names which reflect the different services and products we have available for our customers. These include: Rivers Finance Group Plc; Rivers Leasing Plc; Rivers Finance Limited; Rivers Funding Limited; Rivers SPV Limited; Rivers SPV 2 Limited. When we refer to “Rivers Finance Group”, “We”, “our” and “us” in this Policy we are referring to each of these trading names collectively and individually, unless otherwise stated.
1.2 We are committed to protecting and respecting your privacy. We will only process or otherwise disclose your personal information as described in this Policy.
1.3 For the purpose of the UK GDPR and the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, Rivers Finance Group will be the data controller for your personal data, as set out in this Policy.
2. How to contact Rivers Finance Group about your Personal Data?
2.1 Questions, comments, issues and requests regarding this privacy policy or your data, including when exercising your data rights, are welcomed and should be addressed to [email protected] or [email protected]
2.2 Amba House 15, College Road, Harrow, HA1 1BA
2.3 Telephone: +44 (0) 020 4553 7555 or +44 (0) 020 8424 8262
3. Scope of this Privacy Policy and changes
3.1 This Policy aims to give you information on how we collect and process your personal data through your use of our websites (see 3.2), including any data you may provide when receiving our services, applying for funding, being introduced for funding (broking), when registering with us and completing due diligence; when your employer is a customer of ours; when using our websites or when you communicate with us; when you sign up to any newsletter or email list; or when you enquire about our services or products. This policy also sets out when we may communicate with you in relation to our services, products and business, as well as the data we need to process in order to provide our services and products.
3.2 As with all our policies, we may revise and update this Policy from time to time, and any updates will be placed on:
www.riversfunding.com and www.riversleasing.com
Please refer to these websites regularly to check any changes and updates to this Policy.
3.3 These websites are collectively and individually referred to throughout this document as “the website”. The website is not intended for children and we do not knowingly collect data relating to children.
4. What are your rights?
4.1 Rivers Finance Group recognises that your personal data belongs to you and we don’t wish to use it in ways that you don’t want us to.
4.2 Please note that you have specific rights under data protection law in relation to the use of your data, including the ability to regulate and/or object to our use of your data.
4.3 You have the right to object to our processing of your data in some circumstances, including where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing involves automated decision-making and profiling.
4.4 You can also exercise a variety of rights regarding our use of your data:
- You can ask us for a copy of the information we have about you (usually free of charge)
- You can request an explanation of decisions regarding the processing of your information.
- You can ask us to correct any incorrect data we have about you by contacting us via the details above.
- You can ask us to delete your data.
- You can ask for your data in a common, machine-readable format.
- You can object to any processing we do on the basis of legitimate interests or to any automated decision-making, for example when your employer shares your details with us.
- object to us processing your personal data for direct marketing purposes even if you have previously given consent.
Please note we will balance any request to assert the above rights with other legal requirements and permissions in relation to the processing and retention of personal data; for example, the need to protect other individual’s personal data, to perform a contract with you, to meet a legal reporting requirement or because we have a compelling legitimate interest which we have determined to outweigh the above rights.
4.5 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
4.6 Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
5. Withdrawing your consent
Where we are processing your personal data based on your consent, you may change your mind and withdraw your consent at any time. You can also withdraw any consent you have previously provided to us by contacting us using the details in this policy.
6. Personal Data we may collect from you
6.1 We may collect and process the following personal data about you, including from third parties or public available sources:
- your personal details (including name, date of birth, current and previous postal addresses and national insurance number);
- your contact information (including phone and e-mail details);
- identity documentation relating to a funding application;
- for borrowers, those representing borrowers and relevant investors) your business name and contact information, and borrowing history;
- financial information (including bank or building society account details and details of debit cards used to make transfers);
- information you provide in our registration or application processes (including, if you are a borrower, Agent or relevant investor, certain personal data, identity verification, contact details and financial information about directors, partners, members, shareholders, beneficial owners and guarantors);
- information about your business or company, such as previous credit applications and the conduct of your accounts, and similar personal credit information;
- credit reference checks;
- electoral register information;
- fraud prevention information;
- passwords and answers to security questions.name;
- information about any device you have used to access our services or the websites, (such as your device’s make and model, device identifier, operating system, browser, MAC address or IP address);
- information about the pages or sections you have visited on the websites including the pages or sections you visited, the website or mobile application you were referred from, and when you visited or used them;
- information about the services or funding we provide to you (including for example, what we have provided to you, when and where and, if applicable, how much you paid);
- information you provide to us with when you contact us by phone, email, post, or when you communicate with us via social media;
- information about electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication;
- other personal data which you may disclose to us when you use our services at any time.
We also collect, use, retain and share anonymous or aggregated data ‘Aggregated Data’ such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data on how you use our Website to calculate the percentage of users accessing a specific website feature, or to better understand how our customers engage with our funding products or services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
Sensitive Data (known as Special Categories of Personal Data and includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). If you are a borrower we may collect this information about you, including criminal records or medical information, but we will obtain your consent at that time.
7. Sources of personal data
7.1 We will receive your personal data when you provide them to us yourself.
Direct interactions. You may give us your Profile, Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- receive our services and/or funding products;
- create an account for one of our services ;
- engage us as your agent/broker;
- you enquire about or purchase services on behalf of your employer/business;
- enquire about or discuss our services and/or products;
- subscribe to our newsletter or mailing list;
- request marketing to be sent to you;
- respond to a survey or provide feedback.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy hosted on website for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below.
- From your employer;
- From a family member when they have been appointed or notified to us as a point of contact;
- From your broker or agent;
- From our network of third party finance partners in respect of making or receiving referrals;
- From banks, financial institutions and payment processing facilities;
- Credit reference agencies, conducting commercial credit checks, quotation searches, consumer credit searches, and other financial suitability checks, as well as ongoing communications and updates (The identities of the CRSs, and the ways in which they use and share personal information, are explained more in detail at www.callcredit.co.uk/crain and www.experian.co.uk/crain);
- Companies House and any other agreed third party references;
- From our industry regulators and Government bodies;
- Fraud prevention agencies (including CIFAS) and the police;
- Technical Data from analytics providers such as Google;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services;
7.2 Where we have engaged a sub-contractor to perform some of the services to you, they may collect some personal data whilst performing such services and this will be given to us (see also section 10 below Disclosure of your Information).
8. How we use your Personal Data
8.1 All personal data that we obtain about you will be used in accordance with current data protection law and this Privacy Policy. We will process your personal data as follows:
- As necessary, to meet our obligations under any contracts we are a party to (or your employer or main contractor is a party to), such as a contract to perform broking services, or under a funding arrangement including, where applicable, opening accounts, transferring money and carrying out support services.
-
As necessary, to comply with a legal obligation, for
the following purposes:
- Where you exercise your rights under data protection law and make requests.
- To report to our regulators.
- To provide and maintain tax and accounting records.
- To prevent criminal activity, money laundering and fraud (including conducting Know-Your-Client checks)
-
Based on your consent, for the following purposes:
- To conduct credit checks and other due diligence associated with funding applications;
- To refer to third-party finance partners in relation to their products and services.
Based on Legitimate Interest. We may process your personal data for the purposes of our legitimate interests, provided that these uses aren’t outweighed by your rights or interests. For any uses we justify on the basis of legitimate interest, you have the right to opt out of such processing. These include the following:
- To conduct general credit and account management.
- To trace and recover debts.
- We may contact you for marketing purposes (see 8.2 Marketing).
- To prevent fraud and money laundering.
- We may review and assess your use of our services in order to better understand our business and services, as well as develop new products.
- To contact you in relation the performance of services to you or your employer.
- To manage or accounts and tax reporting.
- To manage and support our CRM and business functions, supply chain and subcontractors.
- To operate and maintain our website and, to provide updates and new versions and ensure their performance.
- To ascertain your borrowing needs and to periodically assess your eligibility for other products we offer which may be relevant for you.
- To implement and enforce personal guarantees.
- To administer our products and services.
- To review our use of personal data to ensure it is compliant.
8.2 Marketing
- We do not market to individuals or consumers. If you have received a communication in error please let us know, so that we may rectify our records.
- We do contact and market to existing business customers and other organisations which we believe may be interested in our services and, as such, may contact you using your business contact information in order to discuss this with you or your employer. We rely on our legitimate business interests to do this.
- Nonetheless, we strive to provide you with choices regarding any marketing communication and you will be able to opt out of any communications. If you opt-out we operate a suppression list to ensure we can manage this process, which means we keep the minimal personal data necessary to ensure we do not contact you again.
- Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase or other transactions, or when we have another legal basis to process your personal data.
- We do not share your data for third party marketing without your consent.
8.3 Links:
Our Website may, from time to time, contain links to and from the websites of our partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9. Storage of your Personal Data
9.1 Rivers Finance Group is a UK based organisation whose offices are in the UK.
- Our websites are hosted within the UK;
- Our customer relationship management, marketing and accounting systems for all our businesses are UK based
- We use AWS as part of our processing environment and utilise UK located processing facilities.
- Our payment processors and banking arrangements are based in the UK or EU;
- Our UK based staff handle your data;
- Our UK based suppliers and partners process personal data on our behalf and this is subject to our instructions and control. Where we transfer personal data to third party suppliers, we ensure there are appropriate safeguards in place.
9.2 We use commercially reasonable technical, organisational, and administrative safeguards to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, and destruction, taking into account the nature of the personal data and risks involved in processing that information.
9.3 We may also transfer your data outside of UK without one of the above safeguards (9.2) on an occasional basis with your consent or to perform a contract with you.
9.4 Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
10. Disclosure of your Personal Data
10.1 We may disclose your personal information to any member of Rivers Finance Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in Section 736 of the UK Companies Act 1985.
10.2 We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If our business or substantially all of its assets is acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements with you.
- To protect the rights, property, or safety of us, our customers, or others.
- To fraud prevention agencies and the police.
- To credit reference agencies.
- To your broker or agent.
- To other funding providers who may be able to offer you a product or service.
- Debt collection or enforcement agencies.
- To our professional advisors, IT support, AWS and other cloud services.
- If we need to disclose personal data to one of our sub-contractors and suppliers who may be providing the services or products directly to you, however, please note we ensure we have appropriate safeguards in place with these sub-contractors.
- To other third parties with your prior consent.
11. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
12. Contact
If you have any questions regarding this Privacy Policy, please contact us using the following contact information.
- Email: [email protected] or [email protected]
- Telephone: +44 (0) 020 4553 7555 or +44 (0) 020 8424 8262
- Post: Amba House 15 College Road, Harrow, HA1 1BA
13. Complaints
13.1 Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
13.2 Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/
Policy update
This policy was last updated on 1st June 2024